From: Jesse Pollard <jesse@cats-chateau.net>
To: Helge Hafting <helgehaf@aitel.hist.no>
Cc: Fredrik Tolf <fredrik@dolda2000.cjb.net>, linux-kernel@vger.kernel.org
Subject: Re: PTY DOS vulnerability?
Date: Wed, 2 Jul 2003 20:14:36 -0500 [thread overview]
Message-ID: <03070220143600.04348@tabby> (raw)
In-Reply-To: <20030701195323.GA15483@hh.idb.hist.no>
On Tuesday 01 July 2003 14:53, Helge Hafting wrote:
> On Tue, Jul 01, 2003 at 06:57:49AM -0500, Jesse Pollard wrote:
> > One problem is that ptys are not just "used by the user". Every terminal
> > window opened uses a pty. As does a network connection.
> >
> > As does "expect" - which is less visible to the user since it is intended
> > to be invisible.
> >
> > The real question is "how many PTYs should a single user have?"
> > Which then prompts the question "How many concurrent users should there
> > be?"
> >
> > second, just providing a user limit doesn't prevent a denial of service..
> > Just have more connections than ptys and you are in the same situation.
>
> Isn't this something a improved sshd could do? I.e. if the
> connection using up the last (or one of the last) pty's logs
> in as non-root - just kill it.
and how is it to determine that it is the last?
try two and die if the second fails???
at least one system just creates more ptys...
next prev parent reply other threads:[~2003-07-03 1:00 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-06-30 14:18 PTY DOS vulnerability? Fredrik Tolf
2003-06-30 17:55 ` Alan Cox
2003-06-30 21:31 ` Fredrik Tolf
2003-06-30 21:36 ` Alan Cox
2003-07-01 12:15 ` Jesse Pollard
2003-07-01 13:41 ` Timothy Miller
2003-07-01 6:22 ` Oleg Drokin
2003-07-01 11:57 ` Jesse Pollard
2003-07-01 19:53 ` Helge Hafting
2003-07-02 6:42 ` Paul Rolland
2003-07-03 1:14 ` Jesse Pollard [this message]
2003-07-03 1:52 ` H. Peter Anvin
2003-07-08 23:11 Clayton Weaver
2003-07-09 10:08 ` Svein Ove Aas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=03070220143600.04348@tabby \
--to=jesse@cats-chateau.net \
--cc=fredrik@dolda2000.cjb.net \
--cc=helgehaf@aitel.hist.no \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).